ENGINE_load_private_key does not get invoked
Dmitry Belyavsky
beldmit at gmail.com
Mon Apr 20 17:00:19 UTC 2020
Dear Mahendra,
On Mon, Apr 20, 2020 at 7:57 PM Mahendra SP <mahendra.sp at gmail.com> wrote:
> Hi Dmitry Belyavsky,
>
> Thank you. To give more info, I am looking at something similar to the engine
> in e_4758cca.c in engines folder where ENGINE_set_load_privkey_function
> is called.
> My understanding was, once the callback is set, it automatically gets
> called during RSA operations. As demonstrated in e_4758cca.c, ex data can be
> added and during private key operations, same can be accessed to decide the
> operation. Is this not correct?
> From your above inputs, looks like ENGINE_set_load_privkey_function needs
> to be called to invoke the callback.
>
> e_4758cca.c shows that in callback, RSA can be modified to add the ex
> data so that same can be accessed during RSA private key operations.
> To confirm, once the callback is registered using
> ENGINE_set_load_privkey_function, callback gets called by openssl before
> every private key operation. Is this correct ?
>
If I understand you correctly, yes.
>
> Thanks
> Mahendra
>
>
> On Mon, Apr 20, 2020 at 10:03 PM Dmitry Belyavsky <beldmit at gmail.com>
> wrote:
>
>> Dear Mahendra,
>>
>> On Mon, Apr 20, 2020 at 7:27 PM Mahendra SP <mahendra.sp at gmail.com>
>> wrote:
>>
>>> Hi Dmitry Belyavsky,
>>>
>>> Thank you for the inputs. If I understand correctly, the
>>> reference indicates loading the private key to engine instance.
>>>
>>> My requirement is to call the ENGINE_set_load_privkey_function so that
>>> the callback gets called before each RSA private key operation.
>>> Reason being, application can use either key with TPM or keys in
>>> software. So I need to load the correct key before each operation gets
>>> invoked. I was looking at
>>> ENGINE_set_load_privkey_function to set the callback. Is this
>>> understanding correct?
>>>
>>
>> You specify the engine-specific function via
>> ENGINE_set_load_privkey_function.
>>
>> After that, you can load your key using ENGINE_load_private_key -
>> if you pass the reference to your engine to it, the function set via
>> ENGINE_set_load_privkey_function will be used.
>>
>>
>>> Please suggest.
>>>
>>> Thanks
>>> Mahendra
>>>
>>>
>>>
>>> On Mon, Apr 20, 2020 at 8:43 PM Dmitry Belyavsky <beldmit at gmail.com>
>>> wrote:
>>>
>>>> Dear Mahendra,
>>>>
>>>> Take a look at the load_key function in the apps/apps.c as a reference
>>>> example.
>>>>
>>>> On Mon, Apr 20, 2020 at 2:34 PM Mahendra SP <mahendra.sp at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> While writing the engine implementation for private key encryption and
>>>>> decryption, I need to get the private key from external source.
>>>>> ENGINE_set_load_privkey_function(e, load_tpm_private_key)
>>>>> Above API is success.
>>>>>
>>>>> RSA structure is as below.
>>>>> RSA_METHOD my_rsa_struct =
>>>>> {
>>>>> "MY RSA method",
>>>>> NULL,
>>>>> NULL,
>>>>> MyRSAPrivEnc,
>>>>> MyRSAPrivDec,
>>>>> NULL,
>>>>> NULL,
>>>>> NULL,
>>>>> NULL,
>>>>> 0,
>>>>> NULL,
>>>>> NULL,
>>>>> NULL,
>>>>> NULL
>>>>> };
>>>>>
>>>>> However, the routine load_tpm_private_key does not get invoked during
>>>>> private key encryption and decryption.
>>>>> Private key encryption and decryption gets routed to the above
>>>>> overloaded routines namely " MyRSAPrivEnc " and " MyRSAPrivDec". But
>>>>> load_tpm_private_key never gets invoked.
>>>>>
>>>>> Is there a flag to force the same ? I have tried it using openssl
>>>>> 1.0.2 version. All other engine calls work as expected, but not this one.
>>>>>
>>>>> I have also tried to debug in ENGINE_load_private_key in eng_pkey.c
>>>>> file. I don't see this function getting invoked. In this function, the
>>>>> private key callback set above gets invoked.
>>>>>
>>>>> Please suggest if I am missing something here.
>>>>>
>>>>> Thanks
>>>>> Mahendra
>>>>>
>>>>
>>>>
>>>> --
>>>> SY, Dmitry Belyavsky
>>>>
>>>
>>
>> --
>> SY, Dmitry Belyavsky
>>
>
--
SY, Dmitry Belyavsky
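
The call path described in the quoted reply above (the function set via ENGINE_set_load_privkey_function is used when ENGINE_load_private_key is called with the engine), as an added stand-alone C model; it is not OpenSSL code and not code from either poster. Every identifier in it, including the `tpm:` key-id prefix and the sample key ids, is a hypothetical stand-in; it tags the key at load time, in the manner of the ex data mentioned for e_4758cca.c, and refuses a key that never went through the loader.

```c
/* Stand-alone model of the call path; NOT OpenSSL code. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum backend { BACKEND_NONE, BACKEND_TPM, BACKEND_SOFT };
struct key;
struct method { int (*priv_enc)(struct key *k); };           /* models RSA_METHOD */
struct key { const struct method *meth; enum backend ex; };  /* models RSA + ex data */
struct engine {                                              /* models ENGINE */
    struct key *(*load_privkey)(struct engine *e, const char *key_id);
    const struct method *rsa;
};

static int load_calls, tpm_ops, soft_ops;

/* Models MyRSAPrivEnc: picks the backend from per-key data, fails closed if absent. */
static int my_priv_enc(struct key *k) {
    if (k->ex == BACKEND_TPM)  { tpm_ops++;  return 1; }
    if (k->ex == BACKEND_SOFT) { soft_ops++; return 1; }
    return -1;  /* key was never tagged by the loader: refuse the operation */
}
static const struct method my_method = { my_priv_enc };

/* Models load_tpm_private_key: runs once per load and tags the key with a backend. */
static struct key *my_load(struct engine *e, const char *key_id) {
    struct key *k = calloc(1, sizeof *k);
    if (k == NULL) return NULL;
    load_calls++;
    k->meth = e->rsa;
    k->ex = strncmp(key_id, "tpm:", 4) == 0 ? BACKEND_TPM : BACKEND_SOFT;
    return k;
}

/* Models ENGINE_load_private_key: the entry point that calls the load callback. */
static struct key *engine_load_private_key(struct engine *e, const char *key_id) {
    return e->load_privkey ? e->load_privkey(e, key_id) : NULL;
}
/* Models RSA_private_encrypt: dispatches to the method, never to the loader. */
static int rsa_private_encrypt(struct key *k) { return k->meth->priv_enc(k); }

int main(void) {
    struct engine e = { my_load, &my_method };
    struct key *k = engine_load_private_key(&e, "tpm:0x81000001"); /* constructed id */
    if (k == NULL) return 1;
    for (int i = 0; i < 3; i++) rsa_private_encrypt(k);
    printf("load_calls=%d tpm_ops=%d soft_ops=%d\n", load_calls, tpm_ops, soft_ops);
    free(k);
    return 0;
}
```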